GoMatrixHosting v0.5.4pull/1179/head
| @@ -16,4 +16,3 @@ | |||||
| } | } | ||||
| ] | ] | ||||
| } | } | ||||
| @@ -128,18 +128,13 @@ | |||||
| validate_certs: yes | validate_certs: yes | ||||
| when: customise_base_domain_website is undefined | when: customise_base_domain_website is undefined | ||||
| - name: Ensure group "sftp" exists | |||||
| group: | |||||
| name: sftp | |||||
| state: present | |||||
| - name: If user doesn't define a sftp_password, create a disabled 'sftp' account | - name: If user doesn't define a sftp_password, create a disabled 'sftp' account | ||||
| user: | user: | ||||
| name: sftp | name: sftp | ||||
| comment: SFTP user to set custom web files and access servers export | comment: SFTP user to set custom web files and access servers export | ||||
| shell: /bin/false | shell: /bin/false | ||||
| home: /home/sftp | home: /home/sftp | ||||
| group: sftp | |||||
| group: matrix | |||||
| password: '*' | password: '*' | ||||
| update_password: always | update_password: always | ||||
| when: sftp_password|length == 0 | when: sftp_password|length == 0 | ||||
| @@ -150,15 +145,20 @@ | |||||
| comment: SFTP user to set custom web files and access servers export | comment: SFTP user to set custom web files and access servers export | ||||
| shell: /bin/false | shell: /bin/false | ||||
| home: /home/sftp | home: /home/sftp | ||||
| group: sftp | |||||
| group: matrix | |||||
| password: "{{ sftp_password | password_hash('sha512') }}" | password: "{{ sftp_password | password_hash('sha512') }}" | ||||
| update_password: always | update_password: always | ||||
| when: sftp_password|length > 0 | when: sftp_password|length > 0 | ||||
| - name: Ensure group "sftp" exists | |||||
| group: | |||||
| name: sftp | |||||
| state: present | |||||
| - name: adding existing user 'sftp' to group matrix | - name: adding existing user 'sftp' to group matrix | ||||
| user: | user: | ||||
| name: sftp | name: sftp | ||||
| groups: matrix | |||||
| groups: sftp | |||||
| append: yes | append: yes | ||||
| when: customise_base_domain_website is defined | when: customise_base_domain_website is defined | ||||
| @@ -214,14 +214,14 @@ | |||||
| group: sftp | group: sftp | ||||
| mode: '0644' | mode: '0644' | ||||
| when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key") | when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key") | ||||
| - name: Alter SSH Subsystem State 1 | |||||
| - name: Remove any existing Subsystem lines | |||||
| lineinfile: | lineinfile: | ||||
| path: /etc/ssh/sshd_config | path: /etc/ssh/sshd_config | ||||
| line: "Subsystem sftp /usr/lib/openssh/sftp-server" | |||||
| state: absent | state: absent | ||||
| regexp: '^Subsystem' | |||||
| - name: Alter SSH Subsystem State 2 | |||||
| - name: Set SSH Subsystem State | |||||
| lineinfile: | lineinfile: | ||||
| path: /etc/ssh/sshd_config | path: /etc/ssh/sshd_config | ||||
| insertafter: "^# override default of no subsystems" | insertafter: "^# override default of no subsystems" | ||||
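Review bot: Both `sftp` user tasks (hunks at 128 and 150) appear to switch the account's primary group from `sftp` to `matrix`, so the SFTP login holds `matrix` group rights on every run instead of only when `customise_base_domain_website is defined`, as the later `groups:`/`append: yes` task arranged before. Which side is new is inferred from the hunk line counts and the moved "Ensure group sftp exists" task, since the rendering lost the +/- markers. If the account only needs to write the custom web files, keeping `group: sftp` and setting group ownership on that one directory is the narrower choice; at minimum a comment should say why the primary group must be `matrix`. The task name is also stale: with `groups: sftp` it should read `- name: Add existing user 'sftp' to group sftp`.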
| @@ -6,7 +6,7 @@ | |||||
| - name: Purge local media to specific date | - name: Purge local media to specific date | ||||
| shell: | | shell: | | ||||
| curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}' | |||||
| curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}000' | |||||
| register: purge_command | register: purge_command | ||||
| - name: Print output of purge command | - name: Print output of purge command | ||||
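Review bot: The purge task still renders the janitor bearer token into the `curl` command line and registers the result, so the token can surface in job output through the module's recorded command; this commit adds `no_log: True` only to the login task. Adding `no_log: True` here and having the following print task show only `purge_command.stdout` would close that gap. The print task continues outside the hunk, so what it currently prints is not visible from here. The same applies to the remote-media purge task in the last hunk on the page (`purge_media_cache`).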
| @@ -17,15 +17,16 @@ | |||||
| - jq | - jq | ||||
| state: present | state: present | ||||
| - name: Collect access token for janitor user | |||||
| shell: | | |||||
| curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "https://matrix.{{ matrix_domain }}/_matrix/client/r0/login" | jq '.access_token' | |||||
| register: janitors_token | |||||
| - name: Collect the internal IP of the matrix-synapse container | - name: Collect the internal IP of the matrix-synapse container | ||||
| shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" | shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" | ||||
| register: synapse_container_ip | register: synapse_container_ip | ||||
| - name: Collect access token for janitor user | |||||
| shell: | | |||||
| curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token' | |||||
| register: janitors_token | |||||
| no_log: True | |||||
| - name: Generate list of dates to purge to | - name: Generate list of dates to purge to | ||||
| delegate_to: 127.0.0.1 | delegate_to: 127.0.0.1 | ||||
| shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}" | shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}" | ||||
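Review bot: The login task still interpolates `matrix_awx_janitor_user_password` into a single-quoted shell string, so a password containing `'` or `"` breaks the command or the JSON body, and the password sits in the curl process arguments on the host while it runs; `no_log: True` only keeps it out of Ansible's output. The `uri` module with `body_format: json` avoids both the shell and the `jq` step. Consumers would then read `janitors_token.json.access_token` instead of `janitors_token.stdout[1:-1]`, which touches the two purge task files as well.

```yaml
# … unchanged: jq install, container IP lookup …
- name: Collect access token for janitor user
  uri:
    url: "http://{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login"
    method: POST
    body_format: json
    body:
      type: m.login.password
      user: janitor
      password: "{{ matrix_awx_janitor_user_password }}"
  register: janitors_token
  no_log: True
# … unchanged: date list generation …
```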
| @@ -6,7 +6,7 @@ | |||||
| - name: Purge remote media to specific date | - name: Purge remote media to specific date | ||||
| shell: | | shell: | | ||||
| curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}' | |||||
| curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}000' | |||||
| register: purge_command | register: purge_command | ||||
| - name: Print output of purge command | - name: Print output of purge command | ||||